Cakephp gotcha: Don’t name controller the same as folder in webroot

February 13th, 2009

This one had me going for a bit, but if you name a controller the same as a file that is in the “webroot” folder, and try to navigate to it, cake will just show you a listing of all the files in the same named directory.

As an example, the “files” folder comes with the cakephp installation right?

Not knowing that, I tried to build a files controller and navigate to it.

but it takes me instead to

and here’s the listing of files

I’m thinking that this could actually be used against you as a vulnerability, so keep that in mind too.

Entry Filed under: cakephp

Some HTML allowed:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong> <pre lang="" line="" escaped="">

Trackback this post | Subscribe to the comments via RSS Feed

Calendar

July 2010
S	M	T	W	T	F	S
« Apr
	1	2	3
4	5	6	7	8	9	10
11	12	13	14	15	16	17
18	19	20	21	22	23	24
25	26	27	28	29	30	31

Shared Rails Hosting

Most Recent Posts

jQuery Deconstructed
Running thin instead of mongrel with script/server
In the midst of crisis, opportunity ... a counter-argument to "Free Kills"
Google dropping support for IE6 in March 2010
How to add updated_at and created_at (timestamps) columns to an existing table in rails
Google Chrome adds RSS feed notification/preview/subscription via extension
Don't hit the business growth accelerator just yet Joel!
From the books: Exceptions to Ruby's standard variable assignment by reference behavior
Wordpress creator Matt Mullenweg on staying in the 'zone' as a developer
Passenger dying ... too many apache processes

Kangaroo Court {concept47 blog}